Config::OpenSSH::Authkey - interface to OpenSSH authorized_keys data


  use Config::OpenSSH::Authkey ();
  my $ak = Config::OpenSSH::Authkey->new;


This module provides an interface to the entries in an OpenSSH authorzied_keys file. Both SSH1 and SSH2 protocol public keys are supported. Config::OpenSSH::Authkey::Entry provides an interface to individual entries (lines) in the authorzied_keys file.

This is a pure Perl interface, so may differ from how OpenSSH parses the authorzied_keys data. The sshd(8) manual and OpenSSH 5.2 source code were consulted in the creation of this module.

Consult the "OPTIONS" section for means to customize how authorized_keys data is handled.



Constructor method. Accepts a hash reference containing "OPTIONS" that alter how the instance behaves.

  my $ak = Config::OpenSSH::Authkey->new({
    tag_dups => 1,
    nostore_nonkey_data => 1,

Accepts a filehandle, stores this handle in the instance, for future use by iterate or consume.


Accepts a filename, attempts to open this file, and store the resulting filehandle in the instance for future use by iterate or consume. Throws an exception if the file cannot be opened.


Returns the next entry of the filehandle (or, lacking a filehandle in the instance, throws an error. Call fh or file first). Returned data will either be Config::OpenSSH::Authkey::MetaEntry (comments, blank lines) or Config::OpenSSH::Authkey::Entry (public key) objects.

For example, to exclude SSHv1 authorized_keys data, while retaining all other data in the file:

  while (my $entry = $ak->iterate) {
    if ($entry->can("prototol")) {
      next if $entry->protocol == 1;
    print $output_fh $entry->as_string, "\n";

This method consumes all data in the fh or file opened in the instance, and saves it to the module key store. The auto_store option is temporarily enabled to allow this. Set the nostore_nonkey_data option to avoid saving non-key material to the key store. Stored keys can be accessed by calling the get_stored_keys method.

parse data

Attempts to parse input data, either as a comment or blank line with Config::OpenSSH::Authkey::MetaEntry, or as a public key via Config::OpenSSH::Authkey::Entry. Will throw an exception if the public key cannot be parsed.

Returns either an Config::OpenSSH::Authkey::MetaEntry or Config::OpenSSH::Authkey::Entry object.


Instance method. Returns an array reference of any public keys stored in the instance. keys will only be populated if the auto_store option is enabled.

Keys will be either Config::OpenSSH::Authkey::MetaEntry (comments, blank lines) or Config::OpenSSH::Authkey::Entry (public key) objects. To avoid storing comments and blank lines, enable the nostore_nonkey_data option before calling iterate or consume.


Removes all authorized_keys entries stored by the instance. Also removes all the seen keys from the duplicate check stash.


Removes all the seen keys from the duplicate check stash. This method is likely useless if a custom code reference has been installed to handle the duplicate key checks.


The following options can be specified as arguments in a hash reference to the new method, or by calling the option name as a method. All options default to false. Pass a true value to enable.

auto_store boolean

Whether to store parsed entries in the instance. The default is to not store any entries.

tag_dups boolean

Whether to check for duplicate authorized_keys keys. The default is to not check for duplicate keys. If this option is enabled, the duplicate_of method of Config::OpenSSH::Authkey::Entry should be used to check whether a particular entry is a duplicate.

nostore_nonkey_data boolean

Whether to store non-key data (comments, blank lines) in the auto-store data structure. The default is to store these lines. The iterate method always returns these lines, regardless of this setting.


Utility class that stores blank lines or comments. Objects of this type should only be created by the parse_fh or parse_file methods. The object supports an as_string method that will return the line. Disable the parsing of this data by enabling the nostore_nonkey_data option prior to calling a parse_f* method.


No known bugs. Newer versions of this module may be available from CPAN.

If the bug is in the latest version, send a report to the author. Patches that fix problems or add new features are welcome.


sshd(8), Config::OpenSSH::Authkey::Entry


Jeremy Mates, <>


Copyright 2009-2010 by Jeremy Mates.

This program is free software; you can redistribute it and/or modify it under the Artistic license.